-
-
Notifications
You must be signed in to change notification settings - Fork 694
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Decoding RS256 JWT #93
Comments
Following this to get a :
and then setting this to |
This might be related to #90 |
The issue is mentioned here: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#pem and also talked about in #82. The solution is to load the certificate using:
|
Still not clear with this if there's something we can do to prevent this confusion. |
You could make this logic try to fall back one to one more attempt. You could add some additional logic to look for the begin/end public key string as well. |
Interested in seeing a PR for this. @wbolster @mark-adams I'd love your thoughts on this. |
I think we should update the documentation to indicate how to load a key from an x509 certificate. I don't think adding more fallback logic is the right approach. The API expects a key and it works when you pass in a key. A certificate is way more than a key so it's a bit outside the scope of our code and would only add complexity. It should be the consumer's responsibility to make sure they are passing in a key and not something else. If we do something like this, why not check to see if it is ZIP compressed, or embedded in a Word doc, or maybe a reversed string? :) |
I would say more important than the fallback logic would just be documentation. |
Sold! If anyone wants to take a stab at that, pull requests are welcome. |
+1 on having this as documentation. Adding magic detection logic to the |
Resolved #93 by adding a section the README detailing how to extract public / private keys from an x509 certificate.
I am trying to decode a JWT encoded with
RS256
.When I run the following:
I get:
I suspect something might be wrong with the public key format:
The text was updated successfully, but these errors were encountered: